Revert "init.rc: stop calling 'fsverity_init --load-verified-keys'" Revert submission 2662658-fsverity-init-cleanup Reason for revert: Culprit for test breakage b/293232766 Reverted changes: /q/submissionid:2662658-fsverity-init-cleanup Change-Id: I77086f955a53eec274166b7395a88b7dc0e1ad53

commit: 9292f74fc1b20275e29246a12ce4913599645cd9 [log] [tgz]
author: Yunkai Lim <yunkai@google.com> Wed Jul 26 06:21:30 2023 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Jul 26 06:21:43 2023 +0000
tree: e83006a8deec3b5207e034deaac7bd9cfa88b134
parent: 7acaea6770021889d1745b8fb54b57b7cf10585a [diff]
diff --git a/rootdir/Android.bp b/rootdir/Android.bp
index 65865a6..e98733a 100644
--- a/rootdir/Android.bp
+++ b/rootdir/Android.bp

@@ -20,7 +20,10 @@
     name: "init.rc",
     src: "init.rc",
     sub_dir: "init/hw",
-    required: ["platform-bootclasspath"],
+    required: [
+        "fsverity_init",
+        "platform-bootclasspath",
+    ],
 }
 
 prebuilt_etc {

diff --git a/rootdir/init.rc b/rootdir/init.rc
index dec763a..d2499ef 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -629,6 +629,9 @@
     # HALs required before storage encryption can get unlocked (FBE)
     class_start early_hal
 
+    # Load trusted keys from dm-verity protected partitions
+    exec -- /system/bin/fsverity_init --load-verified-keys
+
 # Only enable the bootreceiver tracing instance for kernels 5.10 and above.
 on late-fs && property:ro.kernel.version=4.9
     setprop bootreceiver.enable 0
commit	9292f74fc1b20275e29246a12ce4913599645cd9	[log] [tgz]
author	Yunkai Lim <yunkai@google.com>	Wed Jul 26 06:21:30 2023 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Jul 26 06:21:43 2023 +0000
tree	e83006a8deec3b5207e034deaac7bd9cfa88b134
parent	7acaea6770021889d1745b8fb54b57b7cf10585a [diff]